Fitness brand Under Armour said it discovered a data breach that affected around 150 million users of MyFitnessPal, a fitness and nutrition tracking app that the company owns. The company said that data affected could include usernames, emails and passwords, though it doesn’t appear to affect credit card information. The company said it is still investigating how the breach occurred.
One thing to note is Under Armour’s speed from breach discovery to breach disclosure. The company said it discovered the security breach earlier this week and began notifying users four days ago. That’s an unusually quick timeframe for breach disclosure. Equifax, by comparison, took upwards of five months from learning about the breach to telling the public. But it’s also a shorter timeframe that companies will have to get used to under GDPR, which requires 72 hour breach notification for any companies with EU customers.